Sysdig Windows Agent Release Notes

0.9.1 April 03, 2023

New Features

Ability to deploy Windows Agent as Host Process Container

You can now deploy the Windows Agent container image as a Host Process Container to allow access to the host instrumentation facilities.

Ability to Automatically Detect vmcompute and containerd Services

The Agent can now detect both vmcompute and containerd processes even after the initial startup. This capability enhances resiliency in scenarios where these services may not be running during agent startup.

Defect Fixes

Fixed Memory Leak During Querying Object Types

The catalog of available system object types was being repeatedly repopulated every time a handle was fetched from the process handle table. This resulted in a memory leak as the catalog continued to grow indefinitely. This issue has been fixed in this release.

0.9.0 March 07, 2023

New Features

Container Enrichment

The agent is now capable of gaining visibility into containerized processes, allowing containerd-based containers to be secured along with the host operating system.

Availability of Docker Image for Windows Server v2019 and v2022

The Windows Agent is now available as a Docker image for Windows Server 2019 and Server 2022.

Defect Fixes

Vulnerability Fixes

Ability to Handle Wide Characters from AmsiScanBuffer Events

AMSI events carry a buffer parameter that contains the executed payload, such as a PowerShell cmdlet or a loaded .NET assembly. The structure of this parameter is therefore not fixed: it depends on the data source emitting the AMSI telemetry. The event parsing mechanism has been adapted to treat the parameters as dynamic and to derive the content of the AMSI buffer, including wide-character strings, as dictated by the application type emitting the event.
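The following is an added illustration, not Sysdig agent code, of what decoding the buffer "as dictated by the emitting application" means: PowerShell hands AMSI its script text as a UTF-16LE (wide) string, whereas the .NET runtime hands it the raw assembly image, so the same parameter must be interpreted per application. The event field names (app_name, buffer) and the sample events are constructed assumptions about the telemetry layout.

```python
# Added example (not Sysdig agent code): decode the AmsiScanBuffer 'buffer'
# parameter according to the application that emitted the AMSI event.
# The field names 'app_name' and 'buffer' are assumptions about the event layout.
from typing import Any

# Constructed sample events. PowerShell identifies itself with a
# "PowerShell_<path>_<version>" app name and passes script text as UTF-16LE;
# the CLR identifies itself as "DotNet" and passes the raw assembly image.
POWERSHELL_EVENT: dict[str, Any] = {
    "app_name": "PowerShell_C:\\Windows\\System32\\WindowsPowerShell"
                "\\v1.0\\powershell.exe_10.0.19041.1",
    "buffer": "Get-Process | Where-Object CPU -gt 100".encode("utf-16-le"),
}
DOTNET_EVENT: dict[str, Any] = {
    "app_name": "DotNet",
    # Minimal PE-like image: 'MZ' signature, e_lfanew at offset 60 -> 'PE\0\0'.
    "buffer": b"MZ" + b"\x00" * 58 + (64).to_bytes(4, "little") + b"PE\x00\x00",
}


def looks_wide(buf: bytes) -> bool:
    """Heuristic for UTF-16LE text: even length, zero high byte on ~every code unit."""
    if len(buf) < 2 or len(buf) % 2:
        return False
    high_bytes = buf[1::2]
    return high_bytes.count(0) >= 0.9 * len(high_bytes)


def decode_amsi_buffer(event: dict[str, Any]) -> dict[str, Any]:
    """Return the buffer content in the form dictated by the emitting application."""
    app: str = event["app_name"]
    buf: bytes = event["buffer"]
    if app.startswith("PowerShell"):
        # Wide string: decode it instead of treating each code unit as two opaque bytes,
        # otherwise rule matching on cmdlet names sees "G\x00e\x00t\x00..." and fails.
        text = buf.decode("utf-16-le", errors="replace").rstrip("\x00")
        return {"kind": "script", "content": text}
    if app == "DotNet" or buf[:2] == b"MZ":
        # Loaded assembly: binary, so keep only a summary rather than a decoded string.
        return {"kind": "assembly", "content": None,
                "is_pe": buf[:2] == b"MZ", "size": len(buf)}
    if looks_wide(buf):
        # Unknown emitter but wide-looking text (e.g. a script host using UTF-16).
        return {"kind": "script", "content": buf.decode("utf-16-le", errors="replace")}
    # Fallback: treat as narrow text.
    return {"kind": "raw", "content": buf.decode("utf-8", errors="replace")}
```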

0.8.0 December 20, 2023

Defect Fixes

Rule Detection Reliability

Improve the reliability of detection capabilities.

Vulnerability Fixes

Fixed the following vulnerabilities:

New Features

User Telemetry

Add audit telemetry for user-related activities including:

  • Login and logoff
  • Account creation and deletion

Enable Control Flow Guard

Enable Control Flow Guard for Windows Agent applications.

Enhanced Detection Capabilities

Improve event metadata parsing to enable more finely tuned rules.

0.7.0 October 25, 2023

Sysdig Windows Agent Released as Controlled Availability

Sysdig is pleased to announce the controlled availability of the Windows Agent, which delivers enhanced threat detection and visibility into malicious activities on Windows systems in the cloud. It includes a comprehensive set of curated policies and rules designed to detect a wide range of malicious activities, from the execution of known malicious PowerShell cmdlets to the addition of users to the Administrators group. Additional rules will continue to be developed during the CA.

For more information, see Sysdig Agent for Windows.